I would like to share my fully functional reverse-proxy configuration for future users.
I had trouble accessing NextCloud, and the help I found in this thread helped me fix it.
Proxy:
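<VirtualHost *:80>
    ServerName cloud.mydomain.com
    DocumentRoot /var/www

    # Redirect every plain-HTTP request to HTTPS.
    # The target host is written out instead of using %{SERVER_NAME}: with
    # UseCanonicalName Off (the default) that variable reflects the Host header
    # sent by the client, so if this is the default vhost for port 80 a request
    # carrying some other Host would be redirected to that name.
    # R=301 makes the redirect permanent (a bare [R] is a 302); the explicit
    # ":443" is dropped because it is the default port for https.
    RewriteEngine On
    RewriteRule ^/?(.*) https://cloud.mydomain.com/$1 [R=301,L]
</VirtualHost>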
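<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName cloud.mydomain.com
    DocumentRoot /var/www

    CustomLog /var/log/apache2/cloud-access.log combined
    ErrorLog /var/log/apache2/cloud-error.log

    # Reverse proxy to the Nextcloud VM at 192.168.1.63.
    # TLS ends on this host; the hop to the backend is plain HTTP, so it
    # should stay on a network segment you trust.
    # ProxyPreserveHost passes the client's Host header through to the backend.
    ProxyPreserveHost On
    ProxyPass / http://192.168.1.63/
    ProxyPassReverse / http://192.168.1.63/

    # CalDAV/CardDAV service discovery -> Nextcloud's DAV endpoint.
    # The host is written out rather than taken from %{SERVER_NAME}, which can
    # reflect the client-supplied Host header when UseCanonicalName is Off.
    RewriteEngine On
    RewriteRule ^/\.well-known/carddav https://cloud.mydomain.com/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://cloud.mydomain.com/remote.php/dav/ [R=301,L]

    # Required for Nextcloud: Apache's own WebDAV handling must stay off.
    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    # COMMENT THIS BEFORE CREATING THE SSL CERTS
    # (Apache refuses to start with SSLEngine on while the certificate files
    # named further down do not exist yet.)
    # Security improvements
    # "h2" needs mod_http2 to be loaded.
    Protocols h2 http/1.1
    SSLEngine on

    # HSTS: browsers remember to use HTTPS for this host for max-age seconds.
    # NOTE(review): includeSubDomains extends that to every name below this
    # host, and preload only matters if the domain is submitted to the browser
    # preload list; both are slow to undo, so keep them only if intended.
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>

    # Enable only strong encryption ciphers and prefer versions with Forward Secrecy.
    # The earlier list explicitly added RC4-SHA (RC4 is a broken stream cipher)
    # and AES128-SHA, which contradicted this goal; HIGH with the two
    # exclusions is the strong-only selection.
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    # Disable insecure SSL and TLS versions (leaves TLS 1.2 and newer).
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
    <Files ".ht*">
        Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off

    # Disable HTTP TRACK method (RewriteEngine is already on above).
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    # body=0 removes the time limit for receiving a request body. Large uploads
    # need that, but it also switches off mod_reqtimeout's protection against
    # clients that send a body very slowly on this vhost.
    <IfModule mod_reqtimeout.c>
        RequestReadTimeout body=0
    </IfModule>

    # NOTE(review): the certificate lives under mydomain.com; it must list
    # cloud.mydomain.com as a covered name or clients will see a mismatch.
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

    # NOTE(review): this file is included last. If it sets SSLProtocol or
    # SSLCipherSuite (certbot's generated file normally does), its values
    # replace the ones above. Check the effective settings after a reload.
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>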
.
.
.
.
.
Virtual machine with NextCloud
<VirtualHost *:80>
    # Backend vhost on the Nextcloud VM. It speaks plain HTTP only; TLS is
    # handled by the reverse proxy in front of it.
    ServerName 192.168.1.63
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/nextcloud/

    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error.log

    <Directory /var/www/nextcloud/>
        Options FollowSymLinks MultiViews
        # AllowOverride All lets the .htaccess files under this directory
        # take effect.
        AllowOverride All
        # NOTE(review): "all granted" means any host that can reach this VM on
        # port 80 can use Nextcloud directly over unencrypted HTTP, bypassing
        # the proxy. If only the proxy should connect, restrict access to the
        # proxy's address here or in the VM's firewall.
        Require all granted
    </Directory>

    # Apache's own WebDAV handling stays off.
    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud/
    SetEnv HTTP_HOME /var/www/nextcloud/
</VirtualHost>
#<VirtualHost *:443>
# Nothing
#</VirtualHost>
NextCloud config.php
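<?php
// Nextcloud config.php for an instance running behind a TLS-terminating
// reverse proxy. This file holds the database and SMTP passwords and the
// instance secrets, so it should be readable only by the web server user.
$CONFIG = array (
  // Instance secrets, redacted as 'HIDE' for publication. Never post the real values.
  'passwordsalt' => 'HIDE',
  'secret' => 'HIDE',
  // Host names this instance accepts in the Host header.
  'trusted_domains' => ['192.168.1.*', 'mydomain.com', 'cloud.mydomain.com'],
  'datadirectory' => '/mnt/HDD1/NC_data',
  'dbtype' => 'mysql',
  'version' => '20.0.4.0',
  'dbname' => 'nextcloudDB',
  // The database runs on a separate host.
  // NOTE(review): this traffic crosses the LAN; confirm that segment is trusted.
  'dbhost' => '192.168.1.62:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloudDBuser',
  'dbpassword' => 'nextcloudDBpsw',
  'installed' => true,
  'instanceid' => 'HIDE',
  // Redis over a local Unix socket (port 0) for caching and file locking.
  'memcache.local' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 1.0,
  ),
  'blacklisted_files' => ['.htaccess','Thumbs.db','thumbs.db','prohib.ido'],
  'loglevel' => 2,
  'log_rotate_size' => 3145728,
  // Outgoing mail via SMTP over implicit TLS on port 465.
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpsecure' => 'ssl',
  'mail_from_address' => 'email',
  'mail_domain' => 'gmail.com',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'email@gmail.com',
  'mail_smtppassword' => 'password',
  'enable_previews' => true,
  'preview_max_x' => 1000,
  'preview_max_y' => 1000,
  // Reverse-proxy settings: generated URLs use the public HTTPS name.
  'overwrite.cli.url' => 'https://cloud.mydomain.com/',
  'htaccess.RewriteBase' => '/',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  // Apply the overwrite* values only to requests arriving from the proxy.
  // The value is a regular expression, so the dots are escaped; unescaped,
  // each '.' would match any character instead of a literal dot.
  'overwritecondaddr' => '^192\.168\.1\.61$',
  // Sources whose forwarded-for headers are believed when working out the
  // client address.
  // NOTE(review): 192.168.5.0/24 trusts a whole subnet; any host in it can
  // present a forged client address. List only the actual proxy address(es).
  'trusted_proxies' => ['192.168.1.61', '192.168.5.0/24'],
  // NOTE(review): list only headers the proxy sets itself; a header it
  // passes through untouched carries whatever the client sent.
  'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED'],
  'maintenance' => false,
);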